Comments (15)
you're sure it was being treated as 'hours' in 1.1.9? that seems... surprising.
https://github.com/irods/irods/blob/main/plugins/database/src/db_plugin.cpp#L7102
The number passed over the wire is multiplied by 3600, so it always has been hours. So this is the regression for the python client: by default v1 attempted to generate a native password with validity of 60 hours, and v2 takes the shorter 121 seconds from server side.
from python-irodsclient.
What version of the PRC are you using?
What version of iRODS are you experiencing this against?
from python-irodsclient.
What version of the PRC are you using?
>>> import irods
>>> irods.__version__
'2.0.0'
What version of iRODS are you experiencing this against?
>>> session.server_version
(4, 3, 1)
from python-irodsclient.
Oh right, the PRC version is in the title.
Anyway, have you adjusted your PAM TTL settings according to the following section?
If yes, can you share what you have for each option?
from python-irodsclient.
these are:
[irods@gbiomed ~]$ iadmin get_grid_configuration authentication password_max_time
1209600
[irods@gbiomed ~]$ iadmin get_grid_configuration authentication password_min_time
121
[irods@gbiomed ~]$ iadmin get_grid_configuration authentication password_extend_lifetime
1
from python-irodsclient.
The real issue here is that in the v1 client the default password lifetime is 60 hours
https://github.com/irods/python-irodsclient/blob/v1.1.9/irods/connection.py#L440
(although the naming of that variable is confusing).
In v2 the default is that the server should decide on the lifetime
python-irodsclient/irods/connection.py
Lines 461 to 462 in ed2e73c
apparently without possibility for the client to overwrite it and ask another value. And the default lifetime of the server is the minimal one, 121 seconds.
from python-irodsclient.
Everything is more configurable with 'seconds', so that was the new standard - so I think that part is expected/desired.
from python-irodsclient.
you're sure it was being treated as 'hours' in 1.1.9? that seems... surprising.
from python-irodsclient.
One thing that sticks out is the message at the end of stacktrace(?).
RuntimeError: Time To Live has expired for the PAM password, and no new password is given in legacy_auth.pam.password_for_auto_renew. Please run iinit.
That is generated here:
python-irodsclient/irods/connection.py
Lines 475 to 477 in 1d8433e
Seems you may want to review this section. There are several PAM related option described there and they are referenced in the code leading to that exception.
from python-irodsclient.
See the following for the full function impl. Notice the lines starting from line 470.
python-irodsclient/irods/connection.py
Lines 457 to 480 in 1d8433e
from python-irodsclient.
Actually correct code snippet is
https://github.com/irods/irods/blob/main/plugins/database/src/db_plugin.cpp#L7241-L7252
from python-irodsclient.
I think adding a settings file will allow you to make progress. The option you want to set in that file appears to be legacy_auth.pam.time_to_live_in_hours
.
from python-irodsclient.
You may also need legacy_auth.pam.password_for_auto_renew
.
from python-irodsclient.
Confused with this. Btw, we don't use the native authentication in our flow.
Note this line too, showing that eventually _login_pam
routes through _login_native
anyway, with a transformed value it receives from the server, as part of its own internal workings. Yes , it's been that way for a while! : )
from python-irodsclient.
I am closing this - because we decided to use the native scheme. And apparently we are touching on an issue that existed in older versions.
from python-irodsclient.
Related Issues (20)
- Document auxiliary test script setupssl.py
- (in iRODS 4.3.2) an iRODSGroup cannot be removed HOT 1
- Prevent creating `iRODSUser` of type `rodsgroup` HOT 1
- Downloading large file to directory throws IsADirectoryError HOT 2
- Make error-passing interface more uniform HOT 1
- Make README clearer with regard to version references
- Trying to add and set non string metadata values raise different errors HOT 2
- Add support for client hints HOT 1
- Investigate interpreter segfault TODO comment for Python 3.6 vs 3.11
- question: is there a way to get events' results that can be captured in server, for example by `Rule`? HOT 4
- Add support for `get_library_features` API HOT 2
- for each replica acls method seems to return available permissions HOT 14
- Return better error on incorrectly constructing `iRODSAccess`
- For enumerating ACLs, PRC should follow ils's pattern and use of specific query
- Simplified acl check for a user
- irods.connection pool management (active vs idle) can go haywire HOT 1
- Have PRC keep the connection open during checksum calculation HOT 3
- Exception class Bad_AVU_Value should inherit ValueError directly HOT 2
- login_auth_test.py should not be run in full suite
- Running on a terminal, test suite prints reams of logging output to stderr
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from python-irodsclient.